
please help me remove trojan horse win32.onlinegames

nafisnafis

Posted 05 June 2008 - 03:50 PM


Hello. My computer is infected with a trojan horse called win32.onlinegames and a few others like win32.wow, win32.gen, etc. I'm not sure if these are all the same viruses with different names. I'm using avast antivirus and it keeps detecting the virus, but each time I delete the virus, more of it keeps popping up and I have to keep on deleting them. The virus has made my computer very slow. Please help me.

nafisnafis

Posted 06 June 2008 - 03:37 AM


Hello jimmy2012. First of all, I would like to thank you for your time. I greatly appreciate it. OK, here's the HijackThis log: (by the way, my OS is installed in drive D, and not drive C where it is usually installed)

Jimmy2012

Posted 06 June 2008 - 10:06 PM

Your log shows an infection that can steal your passwords. You should change all of your passwords on a clean computer ASAP.

I see that you have 3 anti-virus running, I need you to remove two of them. Running 3 anti-virus at the same time can slow your computer down and also the anti-virus can conflict with each other.

These are the 3 I see you have running.

AVG, Avast and Panda

Please remove two of those anti-virus. If you need help removing two of them please let me know.

STEP 1

Please reopen HijackThis and click on Do a system scan only. And put a check next to the following entries.

Once you have the checks in those entries please make sure all open windows are closed (keep HijackThis open) and click fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click yes. After you have fixed those entries you can close HijackThis.

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.

Click the red Moveit! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

nafisnafis

Posted 07 June 2008 - 07:31 AM


Hello jimmy2012. I'm having trouble removing Panda antivirus, it's not there on 'add/remove programs' and when I try to delete it directly from program files, it says 'the file is either write protected or is currently being used', even though I'm not running it currently (as far as I'm aware of). I think I've managed to remove AVG, though. Moving on, when OTMoveIt was running, it said there was an error and it closed saying that any unsaved changes were lost. Anyways, here's the log for OTMoveIt:

File/Folder D:\WINDOWS\system32\nhmxbjkl.dll not found.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\lassaplo.dll
D:\WINDOWS\system32\lassaplo.dll NOT unregistered.
D:\WINDOWS\system32\lassaplo.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\skqncbib.dll
D:\WINDOWS\system32\skqncbib.dll NOT unregistered.
D:\WINDOWS\system32\skqncbib.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\nhmxcjkl.dll
D:\WINDOWS\system32\nhmxcjkl.dll NOT unregistered.
D:\WINDOWS\system32\nhmxcjkl.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\apsgdjba.dll
D:\WINDOWS\system32\apsgdjba.dll NOT unregistered.
D:\WINDOWS\system32\apsgdjba.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\mnmhgsrv.dll
D:\WINDOWS\system32\mnmhgsrv.dll NOT unregistered.
D:\WINDOWS\system32\mnmhgsrv.dll moved successfully.
D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll unregistered successfully.
D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll moved successfully.
File/Folder D:\WINDOWS\system32\amvo.exe not found.
LoadLibrary failed for D:\WINDOWS\AppPatch\Jview.dll
D:\WINDOWS\AppPatch\Jview.dll NOT unregistered.
D:\WINDOWS\AppPatch\Jview.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 01032002_151836

And here are the DSS logs:

Main:

Deckard's System Scanner v20071014.68
Run by Nafis on 2002-01-03 15:23:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Once you have the checks in those entries please make sure all open windows are closed (keep HijackThis open) and click fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click yes. After you have fixed those entries you can close HijackThis.

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Select your normal user account.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.